Wi-fi Evil Twin Scam

More and more people have become used to using laptops and wireless networks for logging on to the Internet these days. We have them in our homes (although you should know that you need to have a firewall and use a password to make your home network safe from intruders) and we’re seeking out the increasing number of places, from cafes to coffee shops to bars, that offer wi-fi hotspots where we can check our e-mail and work.

We’ve come to accept widespread wireless access as a fact of life, and it is. But wherever you have something a lot of people use without thought, you’ll find those eager to take advantage of it for criminal purposes. Believe it or not, that’s happened with commercial wireless access, creating a wi-fi evil twin scam.

How It Works

It’s a scam that takes a fair amount of computer ability. The crooks have to set up an access point that fools users into logging on by emulating a legitimate wireless network – an evil twin. They do this by setting up next to commercial hotspots. For anyone well versed in the technology, it’s not too difficult to do.

Once people log on to the rogue network, the criminals simply begin harvesting data as they work, which can lead to widespread identity theft. That second part is actually the easy bit.

Some people have called it a variation on phishing, where people receive fake e-mails leading them to click on links to fake web sites and enter their details, but this is something different, and more insidious. It’s a crime that hits not only individuals, but also businesses. Businesses assume their network is secure only to find it’s anything but, which can ruin their reputation.

What To Do About It

The big question is how do you know that the network at your local coffee shop is secure? The answer is – you don’t. We work on the assumption that it is, but few really take all the precautions needed for proper security.

The onus lies with the business to work on security. But most are run by people with very little computer knowledge, meaning that any guarantees are going to be limited. In the case of shop chains, they need a strong security policy throughout the company, or their hotspots could actually prove to be a way into the company’s computers.
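
One check a business can run on its own premises, shown as an added example that is not part of the original article: the operator knows which access points it owns, so it can compare a wireless scan against that inventory and flag any other radio advertising its network name. The network name, BSSIDs (access point hardware addresses) and scan rows are constructed sample values, and the function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    ssid: str       # advertised network name
    bssid: str      # access point radio MAC address
    security: str   # e.g. "WPA2" or "OPEN"

# Constructed inventory: the radios the business actually operates.
OWNED = {
    "CornerCafe-WiFi": {"security": "WPA2",
                        "bssids": {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}},
}

# Constructed scan results, as a monitoring laptop on the premises might record.
SCAN = [
    Beacon("CornerCafe-WiFi", "02:00:00:aa:00:01", "WPA2"),
    Beacon("CornerCafe-WiFi", "02:00:00:AA:00:02", "WPA2"),
    Beacon("CornerCafe-WiFi", "02:00:00:bb:00:09", "OPEN"),
    Beacon("CornerCafe-WiFi ", "02:00:00:bb:00:0a", "WPA2"),  # trailing space
    Beacon("NeighbourNet", "02:00:00:cc:00:01", "WPA2"),
]

def normalise(ssid):
    """Fold case and whitespace so near-identical names compare equal."""
    return " ".join(ssid.split()).casefold()

def find_suspects(scan, owned):
    """Return (beacon, reasons) for radios imitating an owned network name."""
    names = {normalise(s): s for s in owned}
    suspects = []
    for b in scan:
        real = names.get(normalise(b.ssid))
        if real is None:
            continue  # someone else's network, not our concern
        reasons = []
        if b.bssid.lower() not in owned[real]["bssids"]:
            reasons.append("unknown BSSID")
        if b.security != owned[real]["security"]:
            reasons.append("security differs from ours")
        if b.ssid != real:
            reasons.append("look-alike name")
        if reasons:
            suspects.append((b, reasons))
    return suspects

if __name__ == "__main__":
    for beacon, reasons in find_suspects(SCAN, OWNED):
        print(beacon.bssid, repr(beacon.ssid), ", ".join(reasons))
```

The check relies on the BSSID, which a radio can be set to report falsely, so a clean result does not prove that no twin is present.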

So what’s the solution for you, to keep your data safe? You have no idea if you’re logging on to a real network or an evil twin. In many instances, checking with a business before logging on won’t make you much the wiser.

The best solution is to only log on when you know a network is secure. That hardly seems an ideal answer, but it’s the way to keep your personal and other data secure. The only way to be safe is if both the host and the user have software certificates identifying them to each other, and you might find those are relatively rare (although improving with the prevalence of wireless hotspots and increasing security concerns). Otherwise, leave your laptop unopened – and you’ll be a lot safer.